PRIVACY POLICY
1. General
This Privacy Policy informs you which personal data Caliper d.o.o. – zzuum Active Vacation collects, in what way and for what purposes. It informs you what your rights as data subject are. Privacy Policy is used according to General Data Protection Regulation of the European Parliament and of the Council of 27 April 2016 and according to Croatian national legislation.
2. Data controller
Controller (hereinafter referred to as “the Controller”) is the Caliper d.o.o. – zzuum Active Vacation, Kovačka 5, Zadar, Croatia; phone:+385913200300; e mail: info@zzuum.com.
3. Collection and processing of personal data
The Controller values the trust you have put in us; therefore we only collect and process the data to the extent that is permitted by the law and required for the fulfillment of the respective purpose. We collect and process following personal data for the purpose of providing our services:
- for the booking of our services:
– first name and last name
– nationality
-phone number
-e mail address
-body height
-booking date
- to contact the User and handle feedback:
-first name and last name
-phone number
-e mail address
- to charge and invoice the User for the services:
-first name and last name
-e mail address
- for statistical purposes:
-nationality
-type of used services
-booking date
- for the fulfilling of the obligations deriving from the business relationship:
-first name and last name
-phone number
-e mail address
- for marketing purposes (newsletters):
-e mail address
4. Taking photos
It is our legitimate interest to take photos and to publish them on our website for marketing purposes. If you do not agree with this, you can object to this processing and the publication any time at our office or by email to info@zzuum.com.
5. Transmitting personal data to third parties
The Controller does not transmit your personal data to third parties except in the case when we are legally obliged or in case of medical emergency (in that case data is transmitted to authorized medical personnel).
6. Data processing on behalf of the Controller
The Controller remains liable for the protection of your personal data even in cases when processing is carried out by the External Processors on behalf of the Controller. External Processors perform only the activities that are necessary to provide our services. Your personal data is transmitted to the following external data processors:
- Javna ustanova Nacionalni park Plitvička jezera, Croatia
- Teambuilding d.o.o., Croatia
- Kanela tours, Croatia
- More d.o.o., Croatia
- Web račun, Croatia
- Ilirija d.d., Croatia
- Javna ustanova Park prirode Vransko jezero, Croatia
- Floki prijevoz j.d.o.o., Croatia
- Air Action j.d.o.o., Croatia
- Riva rafting centar, Croatia
- Autoškola Centar d.o.o., Croatia
- Avia d.o.o., Croatia
- Art & nature travel, Croatia
- Tisno obrt za ugostiteljstvo i turizam, Croatia
- Izazov – tours, Croatia
- Kayak & bike tours, Croatia
- Mountain traveller Croatia, Croatia
- Supra yacht, Croatia
- Shuttle Bus d.o.o., Croatia
- Hotel Delfin, Croatia
- Hotel Sali, Croatia
- Hotel Mediteran, Croatia
- Pansion Rušev, Croatia
- Obrt Locus, Croatia
- Katalysis j.d.o.o., Croatia
- Checkfront, Canada
All external Processors are committed to comply with the applicable data protection regulations.
7. Duration of the data processing
We process your personal data from the initiation of the business relationship, during the performance to the termination of a business relationship and until all open claims in connection with the business relationship have been satisfied in full.
After the business relationship ends, your data will be stored until expiry of legally binding retention periods and until termination of any legal dispute in which the data is required as proof.
Your personal data will be stored for 5 years for statistical purposes.
8. Personal data security
The Controller takes technical and organizational measures to protect the User’s personal data from manipulation, loss, destruction or access from unauthorized persons. The precautionary measures are revised on a regular basis in accordance with the technological development and up to date technical equipment.
9. User’s rights
Regarding the processing of User’s data, User may claim the following rights under the General Data Protection Regulation and the national data protection law:
- right of access
User has the right to obtain confirmation as to whether or not personal data is being processed. The confirmation contains the purposes of the processing, the categories of personal data concerned and recipients or categories of recipients to whom personal data have been or will be disclosed and the duration of the processing.
- right to rectification
User has the right to obtain the rectification of inaccurate personal data and the right to have incomplete personal data completed, without undue delay.
- right to restriction of processing
User has the right to obtain the restriction of processing personal data when: the processing is unlawful, but User opposes the erasure and requests the restriction of data usage instead; User contests the accuracy of the data; the Controller does not need the data for the purposes of the processing, but User requires the data for the establishment, exercise or defense of legal claims; User objects to data processing.
- right to object
User has the right to object at any time to processing of the personal data, necessary to safeguard User’s legitimate interests or legitimate interests of a third party. User’s data shall not be processed unless there are compelling legitimate grounds which override User’s interests.
- right to lodge a complaint
If it is a User’s opinion that the Controller is processing personal data contrary to national or European data protection legislation, User can contact us at any time. User also has the right to contact the relevant data protection authorities and as from 25.05.2018 User can contact or lodge a complaint with a supervisory authority within the EU.
- right to data portability
User has the right to receive the personal data provided to us in a structured, commonly used and machine-readable format.
- right to erasure
User has the right to obtain the erasure of personal data without due delay when the personal data have been unlawfully processed, when the processing interferes with User’s legitimate interests, when the personal data are no longer necessary in relation to the purposes for which they were collected and when User withdraws the consent on which the processing is based. Please note that there may be reasons that preclude immediate erasure, such as in the case of legal retention obligation.
- asserting the rights
In order to assert one of the aforementioned rights, User can use the following contact options:
email to: info@zzuum.com
letter to: Caliper d.o.o. – zzuum Active Vacation
Ulica Federica Grisogona 9
23 000 Zadar
Croatia